diff mbox series

[Concept,17/19] bootctl: Allow unlocking LUKS2 partitions

Message ID	20251208023229.3929910-18-sjg@u-boot.org
State	New
Headers	From: Simon Glass <sjg@u-boot.org> To: U-Boot Concept <concept@u-boot.org> Date: Sun, 7 Dec 2025 19:32:20 -0700 Message-ID: <20251208023229.3929910-18-sjg@u-boot.org> In-Reply-To: <20251208023229.3929910-1-sjg@u-boot.org> References: <20251208023229.3929910-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: 6N2ZL6PMUHKJIGTHBB43MMPOVRTBSRDG CC: Simon Glass <simon.glass@canonical.com> Precedence: list Subject: [Concept] [PATCH 17/19] bootctl: Allow unlocking LUKS2 partitions Archived-At: <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/6N2ZL6PMUHKJIGTHBB43MMPOVRTBSRDG/> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
Series	bootctl: Continue development with TKey functionality \| [Concept,00/19] bootctl: Continue development with TKey functionality [Concept,02/19] bootctl: Drop unnecessary calls to calculate dimensions [Concept,03/19] bootctl: Set the password flag on the passphrase edit text [Concept,04/19] video: Add a lock image [Concept,05/19] bootctl: Bring in another image [Concept,06/19] bootctl: Allow switching between logos [Concept,07/19] bootctl: Show a lock symbol for locked disks [Concept,08/19] bootctl: Provide passphrase and message objects in the expo [Concept,09/19] bootctl: Enhance the UI to support a TKey [Concept,10/19] bootctl: Provide an extra poll between select and booting [Concept,11/19] bootctl: Clean up some unwanted debugging in the logic [Concept,12/19] bootctl: Add the logic for disk unlock using a TKey [Concept,13/19] bootctl: Fix up the header-inclusion order in the test [Concept,14/19] tkey: Correct handling of the USS [Concept,15/19] tkey: Allow using the selected TKey from luks [Concept,16/19] luks: Add -p flag for pre-derived master key [Concept,17/19] bootctl: Allow unlocking LUKS2 partitions [Concept,18/19] bootctl: Add a TKey for testing [Concept,19/19] bootctl: Enable the tests

Commit Message

Simon Glass Dec. 8, 2025, 2:32 a.m. UTC

  From: Simon Glass <simon.glass@canonical.com>

Switch away from a pre-derived key so that LUKS2 partitions can be
unlocked. Update the ulock message to be more generic.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 boot/bootctl/logic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff mbox series

Patch

diff --git a/boot/bootctl/logic.c b/boot/bootctl/logic.c
index 96cc270ae2c..2ed106628e7 100644
--- a/boot/bootctl/logic.c
+++ b/boot/bootctl/logic.c
@@ -334,9 +334,9 @@  static int perform_tkey_unlock(struct udevice *dev, struct osinfo *os, int seq,
 	 * processed by PBKDF2/Argon2 just like a text passphrase would be.
 	 * This matches how cryptsetup --key-file works.
 	 */
-	log_info("Using LUKS1 unlock with binary passphrase\n");
+	log_info("Using LUKS unlock with binary passphrase\n");
 	ret = luks_unlock(os->bflow.blk, &pinfo, priv->tkey_disk_key,
-			  TKEY_DISK_KEY_SIZE, true, master_key, key_sizep);
+			  TKEY_DISK_KEY_SIZE, false, master_key, key_sizep);
 	if (ret)
 		return log_msg_ret("htu", ret);